Access Management

Deliver exceptional digital identity experiences while improving security, privacy, and compliance.

Get Started

What Is Access Management?

Access management is at the heart of today’s digital ecosystem. Users of all types, consumer and workforce, demand seamless and secure access to applications, services, and resources anytime, anywhere using any device without disruption. 

To support these requirements, you need to offer frictionless access while ensuring that users are only able to access what they should. Additionally, due to today’s increasing fraudulent and malicious activity, you also need to ensure strict security standards that uphold user trust and brand reputation.

ForgeRock enables simple and safe access to the connected world. ForgeRock Access Management is a single, unified solution that provides the most comprehensive and flexible set of services on the market for today’s identity and access management (IAM) requirements. Whether users sign on from a mobile device, connected car, home appliance, or the next innovation, ForgeRock ensures a safe and delightful experience.

Product Brief

What is ForgeRock Access Management?

The Most Comprehensive and Flexible Access Management Solution

ForgeRock Access Management is a single, unified solution that provides the most comprehensive and flexible set of services to meet today’s identity and access management (IAM) requirements. ForgeRock Access Management is built to orchestrate and manage access at scale for any use case, including workforce, consumer, IoT, and APIs

Using a variety of next-generation features and capabilities, you can:

Download Product Overview

Build Dynamic and Intelligent Access Journeys with Ease

ForgeRock Intelligent Access makes building dynamic user journey flows for authentication, registration, and self service easy with a centralized access orchestration design interface. 

By leveraging Intelligent Access’ drag-and-drop interface to create access trees, you can easily build, configure, measure, and adjust user journeys using a variety of methods. This includes digital signals such as device, contextual, behavioral, user choice, analytics, and risk-based factors. 

Learn more about Intelligent Access

 Intelligent Access, Formerly Intelligent Authentication

Customer Presentation - USAA

As a trusted provider to military members and their families, USAA has stayed on the cutting edge of technology and works with ForgeRock to enable key business capabilities. Learn how IAM has evolved at USAA. See some of the organization’s key digital transformation initiatives, including USAA’s approach to Intelligent Access.



Meet the Demands of Change With an Extensible Platform

Modern enterprises are experiencing many changes that drive user and service integration as well as the development of new go-to-market models. An extensible identity platform is key to supporting this. 

The ForgeRock Access Management platform allows for rapid prototyping and extensions to components such as authentication, authorization, OAuth2 token design, and federation assertions. Simple extensibility allows complex changes to be made without altering the underlying platform and does not require complex consultancy or change control. Whether using scripts, plugin points, or new nodes, the ForgeRock marketplace provides a wide array of extensions provided by ForgeRock, our partners, and our customers.

Partner Marketplace

Support a Zero Trust Security Model

The Zero Trust security model is focused on shifting security analysis from the network to the device, identity, and transaction. In the Zero Trust model, every device, identity, and action must be properly authenticated and authorized. 

ForgeRock Intelligent Authentication enables you to capture a range of non-identity-related contextual signals during login. These signals provide a foundation for continuous security, where contextual checks can be made during login, authorization and resource access time.  A range of options — access throttling, access removal, and dynamic redaction — are upheld by flexible policy enforcement points, such as next-generation agents, intelligent gateways, or native REST integration.

For information about deploying Zero Trust for microgateways, check out our blog entitled Zero Trust Security for the Microservices World.

Learn More About Zero Trust 



Analyst Report

ForgeRock Named a Leader

See why ForgeRock was named a Visionary in the Forrester Wave for Customer Identity and Access Management.

Product Brief

Access Management in Short

Download our datasheet, which provides an overview of our access management solution.

Analyst Report

Leader in Adaptive Authentication

See why ForgeRock was identified as a leader by KuppingerCole in the adaptive authentication space.


Workforce IAM Evaluation Guide

Required Capabilities, Components, and RFP Questions to Ask Providers

Leverage Standards Support and Rapid Adoption

As a leading digital identity provider, ForgeRock understands the needs of today’s organizations. ForgeRock’s rapid adoption and involvement in standards development enables you to meet the latest demands with the latest standards. We take a proactive approach to industry open standards adoption. We are often the first digital identity provider to support standards, such as User Managed Access (UMA) and the OpenID Foundation’s FAPI (Financial-grade API). ForgeRock is an active participant in many standards development bodies and contributes to innovation that will meet tomorrow’s demands.

Learn More

  • oauth2.png


  • openid-connect.png


  • fido.png


  • saml2.png


Intelligent Access

Intelligent Access is based on a powerful authentication tree framework. The intuitive drag-and-drop interface allows you to orchestrate authentication flows with more flexibility, choice, and security than traditional authenticators. With Intelligent Authentication, you can easily configure, measure, and adjust multiple login journeys within a Zero Trust security model using a variety of methods. These include digital signals like device, contextual, behavioral, user choice, analytics, and risk-based factors.

Coarse-Grained and Fine-Grained Authorization

ForgeRock Access Management provides authorization policies, from basic, simple, coarse-grained rules to highly advanced, fine-grained entitlements. With Access Management, you can deliver controlled access to resources using simple point-and-click, drag-and-drop operations. Scripting can be used to extend logic during policy evaluation to any resource type. This includes URLs as well as external services, IoT devices, and things.

Employee-to-Cloud SSO

The federation services in ForgeRock Access Management can securely share heterogeneous systems or domain boundaries using standard identity protocols (SAML, OAuth2/OpenID Connect). Users can access services that span the cloud and mobile devices — on premises and off. This eliminates the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows adoption. SAML-based federation can be used to provide a range of flexible single sign-on options to many cloud-based providers, such as Salesforce or Google.

Workforce Supply Chain Federation

Using standard identity protocols (SAML, OAuth2/OpenID Connect), the federation services in Access Management are able to securely share heterogeneous systems or domain boundaries. Modern enterprises now consist of numerous different partners and supply chain federation boundaries. Today’s network perimeters and user boundaries are blurring, requiring federation and attribute exchange services that allow workforces to be agile and enabled. OpenId Connect and SAML2 services within the ForgeRock platform allow numerous organizations to act as one.

Social Sign-On

ForgeRock Access Management supports social sign-on via social identity providers, such as Facebook, LinkedIn, Google, Instagram, VKontakte, and WeChat. This allows users to log in directly with their existing social accounts and paves the way for rapid customer adoption. In cases where your users should have accounts on your system, you can add the Social Identity module, providing full social registration capabilities. This allows users to bring registration information, such as name and email address from a social provider, and significantly shortens registration time.

Session Management

It is important to ensure that user access and session connection remain undisrupted no matter what happens. For example, your user experience should not degrade if your server goes down. The ForgeRock Identity Platform is designed to provide telco-grade scalability and availability by adhering to open standards, modular architecture, and best practice design principles. The ForgeRock platform is extremely robust, lightweight, and highly scalable. And, it is  simple to deploy in high-availability environments spanning multiple data centers, hosting platforms, and geographies.